Mailinglist Archive: opensuse-bugs (4687 mails)

< Previous Next >
[Bug 580144] New: openct: ownership mismatch between openct,conf and HAL
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 16 Feb 2010 11:17:11 +0000
  • Message-id: <bug-580144-21960@xxxxxxxxxxxxxxxxxxxxxxxx/>
http://bugzilla.novell.com/show_bug.cgi?id=580144

http://bugzilla.novell.com/show_bug.cgi?id=580144#c0


Summary: openct: ownership mismatch between openct,conf and HAL
Classification: openSUSE
Product: openSUSE 11.2
Version: Final
Platform: Other
OS/Version: openSUSE 11.2
Status: NEW
Severity: Major
Priority: P5 - None
Component: Hotplug
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: hwit@xxxxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.7)
Gecko/20100106 Ubuntu/9.10 (karmic) Firefox/3.5.7

Prior to 11.0 (eg: 10.3) the (relevant top) lines from /etc/openct.conf read:
# Path to ifdhandler
ifdhandler = /usr/sbin/ifdhandler;

Since 11.0 (and still in 11.2) this has been changed into:
ifdhandler {
program = /usr/sbin/ifdhandler ;
#
# Safe to disable force_poll:
# >=linux-2.6.27.14
# >=linux-2.6.28.3
#
force_poll = 1;
user = scard;
groups = {
scard,
};
};

When plugging in an etoken (smartcard + usb-reader) one gets the error in
syslog:
Feb 11 14:04:15 wt8510w ifdhandler[7409]: Unable to open USB device
/dev/bus/usb/007/005: Permission denied
Feb 11 14:04:15 wt8510w ifdhandler[7409]: usb:/dev/bus/usb/007/005:
initialization failed (driver etoken64)
Feb 11 14:04:15 wt8510w ifdhandler[7409]: unable to open reader etoken64 usb
/dev/bus/usb/007/005

Reason for this is, that in the corresponding HAL-file, permissions are not
set:
In /usr/lib/hal/hald-addon-openct are the corresponding two lines (19,20) still
in comment.


Reproducible: Always

Steps to Reproduce:
1. Insert etoken (aladdin, or omnikey)
2. issue any opensc commands, like cardos-info
3. watch syslog
Actual Results:
Unable to open USB device /dev/bus/usb/007/005: Permission denied
usb:/dev/bus/usb/007/005: initialization failed (driver etoken64)
unable to open reader etoken64 usb /dev/bus/usb/007/005


1) either DO NOT SET the owner in /etc/openct.conf
(putting the line in #comment solves the problem)
2) or uncomment lines 19,20 in /usr/lib/hal/hald-addon-openct (chmod and chown)
that works as well.

3) Andreas Jellinghaus (from opensc) strongly recommends a upgrade to the
latest version: default 0.6.17-3.1, on the OBS is 0.16.17-21.3 available, while
openct 0.6.20 has been released.

I've raised severity to "major", as security-tokens don't work any more without
either change (1 or 2) above. (as said, in 10.3, the user was NOT set)

For current versions (11.0 / 11.2) a security patch should be not that
difficult, ether a new /etc/openct.conf or /usr/lib/hal/hald-addon-openct

I understand that for the upcoming 11.3 the use of "hal" is depreciated...

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
Follow Ups